IDT Domestic Telecom, Inc.
Política de privacidad de BOSS Revolution

Actualizado el 16 de febrero de 2026

1. General

IDT se compromete a proteger la privacidad de su información personal. A través de nuestra marca BOSS Revolution, proporcionamos a los consumidores diversos productos y servicios que le permiten mantenerse conectado con los suyos.

Esta Política de privacidad de Boss Revolution (la “Política”) establece nuestras políticas y procedimientos con respecto a la recopilación, el uso y el intercambio de su información personal. También explicamos las medidas que tomamos para proteger su información y cómo puede limitar la recopilación, el uso y el intercambio de su información.

Esta Política se aplica a lo siguiente, a menos que se indique lo contrario:

usuarios de nuestros productos y servicios de BOSS Revolution, incluidos Boss Revolution Pinless, Boss Revolution Mobile, Call Me, Recargas móviles nacionales e internacionales y Tarjetas e-Gift (colectivamente, los “Productos BR”), ya sea que se compren a través de nuestros sitios web, nuestras aplicaciones o en un comercio minorista autorizado;
usuarios y visitantes de nuestros sitios web de BOSS Revolution, incluidos www.bossrevolution.com, www.brmarket.bossrevolution.com y www.brclubsaves.com (colectivamente, los “Sitios web BR”);
miembros de cualquier programa de lealtad o recompensas de BOSS Revolution; y
usuarios de nuestra aplicación de llamadas Boss Revolution (la “Aplicación BR”).

Cuando utilizamos el término “Servicios”, se refiere a los Productos BR, los Sitios web BR y la Aplicación BR de forma colectiva. Cuando nos referimos a IDT o “nosotros” o “nuestro”, estamos hablando de IDT Domestic Telecom, Inc. y, según corresponda, sus empresas afiliadas, subsidiarias, matrices y otras entidades relacionadas.

Esta Política no se aplica a los productos o servicios ofrecidos por IDT Payment Services, Inc. o IDT Payment Services of NY LLC, incluidas las transferencias de dinero, el pago de facturas nacionales y el pago de facturas internacionales, y a ninguna información recopilada durante las transacciones de esos productos y servicios. Las políticas y procedimientos que rigen su información personal recopilada durante las transacciones para esos productos se rigen por la Declaración de privacidad de IDT Payment Services, Inc. e IDT Payment Services of NY LLC, que se puede encontrar enat https://www.bossrevolution.com/en-us/services/money-transfer.

Esta Política no se aplica a ningún sitio web, producto o servicio de empresas de terceros, anunciantes, socios o proveedores de servicios, incluso si el sitio web tiene un enlace hacia (o desde) los Sitios web BR y/o la Aplicación BR. Los Sitios web BR y la Aplicación BR pueden contener enlaces a otros sitios web de terceros que no son propiedad de IDT, ni son operados, mantenidos ni están relacionados con IDT (“Sitios de terceros”). Cualquier hipervínculo de este tipo debe ser accedido bajo el propio riesgo del usuario. No somos responsables del contenido, las prácticas de privacidad, la recopilación de datos, las políticas o cualquier otro aspecto de un Sitio de terceros, incluso si un Sitio web BR o la Aplicación BR contiene un enlace a dicho sitio. Esta Política no se aplica a los Sitios de terceros, y le recomendamos que lea y comprenda de forma independiente las políticas de privacidad de cada Sitio de terceros. La presencia de un enlace a un Sitio de terceros no indica necesariamente que dicho Sitio de terceros esté patrocinado o afiliado a IDT de ninguna manera.

También debe leer los términos de servicio para cada Servicio que use, que se pueden encontrar en el Sitio web BR correspondiente o en la Aplicación BR.

Podemos actualizar esta Política ocasionalmente y debe revisarla periódicamente para conocer los cambios. Cualquier Política actualizada se publicará en los Sitios web BR y la Aplicación BR.

2. Consentimiento para el uso de los Servicios

Al acceder o usar los Servicios, usted acepta esta Política y nuestros Términos de uso, que se incorporan por referencia a esta Política. Si no está de acuerdo con nuestras políticas y prácticas, puede optar por no usar nuestros Servicios. Su uso de los Servicios, y cualquier disputa sobre la privacidad, está sujeto a esta Política y a nuestros Términos de uso, incluidas sus limitaciones aplicables sobre daños y la resolución de disputas.

Nosotros o los terceros con los que trabajamos podemos recopilar automáticamente cierta información utilizando tecnologías como cookies, balizas web, GIF transparentes, píxeles, etiquetas de Internet, registros de servidores web y otras herramientas de recopilación de datos, que se describen más adelante. Al utilizar los Sitios web BR y la Aplicación BR, usted da su consentimiento para que IDT y terceros obtengan datos sobre sus visitas y el uso que hace de los Sitios web BR y la Aplicación BR, incluido, entre otros, a través de tecnologías como Google Analytics.

Dependiendo de dónde resida, puede tener derechos adicionales, que se describen con mayor detalle en los anexos de esta Política (consulte infra Anexos A-P que detallan aún más los derechos de los residentes de California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, Nueva Jersey, Oregón, Tennessee, Texas, Utah y Virginia). Además, si es residente de California, revise nuestro Aviso de derechos de California, que complementa aún más esta Política y explica los derechos adicionales que puede tener según la ley de California con respecto a nuestro uso de su información personal.

3. Información que recopilamos

IDT puede recibir y recopilar tanto información de identificación personal como información no identificativa de usted cuando operamos y le proporcionamos los Servicios, cuando instala, accede o usa los Servicios y cuando se comunica con nosotros. Información personal significa información que por sí sola o junto con otros datos permite identificar a una persona específica, pero no incluye información "desidentificada", "anónima" o "agregada", que de otra manera no está asociada con una persona específica. Información no identificativa significa información que por sí sola no se puede usar para identificar a una persona específica (por ejemplo, el código postal).

A. Información que usted proporciona. Dependiendo del Servicio en particular, puede proporcionar la siguiente información personal:

nombre
dirección
dirección de correo electrónico
número de teléfono móvil u otro
información de pago, incluidos los detalles de la tarjeta de crédito o débito
fecha de nacimiento
otra información necesaria para verificarlo a usted, su cuenta y/o su número de teléfono
otra información que nos proporcione para fines de servicio al cliente, encuestas, sorteos o comentarios sobre productos

B. Información que recopilamos. Dependiendo del Servicio en particular, podemos recopilar automáticamente la siguiente información:

código de seguridad de BOSS Revolution, contraseña y credenciales de inicio de sesión
información de diagnóstico y rendimiento relacionada con el Servicio, incluido cómo usa nuestros Servicios y registros de rendimiento
registros de llamadas, números llamados con frecuencia y datos de tráfico de red
mensajes enviados con nuestros Servicios, incluidos chats, fotos, videos y mensajes de voz
información de contacto personal, de teléfono o de redes sociales
información sobre su dispositivo, incluido el modelo, navegador, sistema operativo, tipo de plataforma, software de aplicación, red móvil, identificadores y números de dispositivo, y velocidad de conexión a Internet
actividad de navegación, búsqueda y compra
dirección IP
Sitios web BR visitados y sitios web de los que proviene y a los que va después
uso de funciones de la Aplicación BR y contenido almacenado
ciertos datos en su dispositivo, incluidos sus contactos, los números de teléfono en su libreta de direcciones móvil, listas de favoritos y otras aplicaciones instaladas
número de identificación del dispositivo
geolocalización e información de ubicación del dispositivo, que se deriva de su IP u otros datos que proporcionan una ubicación de ciudad o código postal, si habilita las funciones de ubicación en sus dispositivos
información transaccional al comprar un Producto BR

C. Información proporcionada por terceros.

Cuando instala, accede o usa los Servicios, podemos obtener la siguiente información de fuentes de terceros:

información crediticia de agencias de informes crediticios
información transaccional al comprar un Producto BR, incluidos recibos o información de tiendas de aplicaciones u otros terceros que procesan su pago
información agregada de empresas externas que recopilan información sobre consumidores, como datos demográficos y de intereses (por ejemplo, género, rango de edad, entusiasta de los deportes o dueño de mascotas)
identificadores únicos de marketing y/o dispositivos, contactos y otra información de prospectos de marketing de terceros, incluidas las tiendas de aplicaciones
los usuarios de nuestros Servicios pueden proporcionarnos su dirección de correo electrónico o número de teléfono a través de la compra/uso de un Servicio, nuestros programas para invitar a amigos, su libreta de direcciones móvil o plataformas de redes sociales
otra información de terceros que nos ayuda a operar, proporcionar, comprender, personalizar, respaldar y comercializar nuestros Servicios

4. Cómo usamos la información

Podemos usar toda la información que recopilamos y recibimos, o que usted proporciona, para ayudarnos a operar, proporcionar, mejorar, comprender, personalizar, respaldar y comercializar nuestros Servicios (y algunos servicios de terceros). Además, podemos usar su información para fines generales, operativos y administrativos, incluido el mantenimiento de su cuenta, la autenticación y el contacto con usted. Tal como se utilizan en esta Política, los términos “usar”, “usando” y “procesamiento” de información incluyen el uso de cookies u otras tecnologías similares en una computadora/teléfono/dispositivo, someter la información a análisis estadísticos o de otro tipo y usar o manejar la información de cualquier manera, lo que incluye, entre otros, escanear, recopilar, almacenar, evaluar, agregar, modificar, eliminar, usar, combinar, divulgar y compartir información entre nuestras empresas afiliadas tanto dentro como fuera de los Estados Unidos y con proveedores de servicios y vendedores seleccionados.

A. Nuestros Servicios. Analizamos cómo nuestros clientes usan nuestros Servicios y usamos esa información para evaluar y mejorar nuestros Servicios, para investigar, desarrollar y probar nuevos servicios y funciones, y para llevar a cabo actividades de resolución de problemas. Por ejemplo::

nos comunicamos con usted sobre nuestros Servicios y funciones y le informamos sobre nuestros términos y políticas y otras actualizaciones importantes;
podemos dirigirle anuncios o contenido particular según la información que hayamos recopilado o que haya proporcionado;
podemos escanear digitalmente el contenido almacenado en la Aplicación BR, lo que incluye, entre otros, su información de usuario y el contenido de los mensajes, y usar esta información para brindarle información y publicidad dirigida;
usamos su información para responderle cuando se comunica con nosotros. Nuestras comunicaciones con usted, incluidas las conversaciones telefónicas, chats y correos electrónicos, pueden ser monitoreadas y grabadas por nosotros para controlar la calidad o con fines legales, regulatorios o de capacitación;
verificamos cuentas y actividades, y promovemos la seguridad, como al investigar actividades sospechosas o violaciones de nuestros términos, para garantizar que nuestros Servicios se utilicen legalmente.

B. Aplicación BR. Contratamos a ciertos proveedores de servicios y vendedores que utilizan kits de desarrollo de software móvil para recopilar información de forma pasiva de los usuarios de la Aplicación BR. Usamos estos datos principalmente para ayudarnos a enviar notificaciones personalizadas e identificarlo de manera única en otros dispositivos o navegadores con el fin de personalizar los anuncios o el contenido.

5. Cómo compartimos la información

Podemos compartir toda la información que recopilamos y recibimos con nuestras empresas afiliadas, tanto dentro como fuera de los Estados Unidos, y con proveedores de servicios y vendedores seleccionados, para ayudarnos a operar, proporcionar, mejorar, comprender, personalizar, respaldar y comercializar nuestros Servicios (y algunos servicios de terceros), y para fines generales, operativos y administrativos, incluido el mantenimiento de su cuenta, la autenticación y el contacto con usted. Cuando compartimos información con nuestros proveedores de servicios y vendedores, les exigimos que utilicen su información únicamente de acuerdo con nuestras instrucciones y términos o con su permiso expreso, y que no vendan su información. Además, usted comparte su información a medida que usa y se comunica a través de nuestros Servicios.

A. Información compartida dentro de la familia de empresas de IDT. Podemos compartir información dentro de la familia de empresas de IDT, incluidas nuestras empresas afiliadas tanto dentro como fuera de los Estados Unidos (colectivamente, la “Familia de empresas de IDT”), principalmente para operar, proporcionar, respaldar y comercializar nuestros Servicios. Por ejemplo, si compra un Producto BR, entonces compartimos su información de compra con varias empresas afiliadas de IDT para procesar su transacción.

B. Información compartida con nuestros proveedores de servicios y vendedores. Trabajamos con varios proveedores de servicios y vendedores para una variedad de propósitos comerciales, como para ayudarnos a ofrecer, operar, proporcionar, mejorar, comprender, personalizar, respaldar y comercializar nuestros Servicios. Podemos compartir información con estos proveedores de servicios y vendedores en la medida razonablemente necesaria para que realicen trabajos en nuestro nombre. Por ejemplo, podemos proporcionar la información de su tarjeta de crédito y dirección de facturación a nuestra empresa de procesamiento de pagos únicamente con el fin de procesar el pago de una transacción que haya solicitado. Además, IDT comparte cierta información, incluidos identificadores únicos de marketing, direcciones de correo electrónico y números de teléfono móvil, con algunos de nuestros proveedores de servicios y vendedores, incluidos Google y Facebook, para fines de marketing, publicidad y análisis, incluida la entrega de campañas publicitarias y la preparación y el intercambio de informes comerciales y de marketing agregados, perfiles demográficos y para ofrecer publicidad dirigida sobre productos y servicios. Cuando compartimos información con nuestros proveedores de servicios y vendedores, les solicitamos que protejan su información y limiten el uso de los datos a los fines para los que se proporcionaron, y que no vendan su información. IDT no vende, alquila ni arrienda sus listas de clientes a terceros. Finalmente, si compra productos o servicios ofrecidos conjuntamente por IDT y uno de nuestros proveedores de servicios o vendedores, su información de cliente puede ser recibida tanto por IDT como por el proveedor de servicios o vendedor que proporciona el producto o servicio. Para estos productos y servicios ofrecidos conjuntamente, también debe revisar la política de privacidad de la otra empresa, que puede incluir prácticas diferentes a las descritas aquí.

C. Circunstancias especiales. Podemos compartir información en ciertas circunstancias especiales. Por ejemplo:

para cumplir con procesos legales válidos, incluidas citaciones, órdenes judiciales y órdenes de allanamiento, y según lo permita o exija la ley;
para ayudar a las autoridades del orden público en casos que involucren peligro de muerte o lesiones físicas graves a cualquier persona o en otras emergencias;
para proteger nuestros derechos o propiedad, o la seguridad de nuestros clientes o empleados;
para proteger contra el uso fraudulento, malicioso, abusivo, no autorizado o ilegal de nuestros Servicios y para proteger nuestra red, Servicios, dispositivos y usuarios de dicho uso;
para avanzar o defendernos de quejas o reclamos legales en los tribunales, procedimientos administrativos y en otros lugares;
a posibles compradores de la totalidad o parte de nuestro negocio o activos;
a auditores externos, abogados y reguladores;
con su consentimiento.

D. Información compartida con entidades publicitarias o redes sociales. Es posible que vea anuncios de terceros en los Productos BR, los Sitios web BR y/o la Aplicación BR. Algunos anuncios son elegidos por empresas que colocan anuncios en nombre de los anunciantes. Estas empresas, a menudo llamadas servidores de anuncios, pueden colocar y acceder a cookies en su dispositivo para recopilar información sobre su visita. La información que recopilan de nuestros sitios está en un formato que no lo identifica personalmente. Esta información se puede combinar con datos similares obtenidos de otros sitios web para ayudar a nuestros anunciantes a llegar mejor a sus audiencias objetivo. La segmentación se puede lograr adaptando la publicidad a los intereses que deducen de su navegación por nuestros sitios y su interacción con otros sitios web donde también están presentes estos servidores de anuncios. Si elige interactuar con anunciantes específicos que se anuncian en los Productos BR, los Sitios web BR o la Aplicación BR, la información que les proporcione está sujeta a las condiciones de sus políticas de privacidad específicas. Los Sitios web BR y la Aplicación BR también incluyen complementos y widgets que pueden proporcionar información a sus redes sociales o entidades asociadas sobre la página de IDT que visita, incluso si no hace clic ni interactúa de otra manera con el complemento o widget.

E. Cuando usted comparte información. Usted comparte su información a medida que usa y se comunica a través de nuestros Servicios. Su número de teléfono, nombre de perfil y foto, y estado en línea pueden estar disponibles para cualquier persona que use nuestros Servicios, aunque puede configurar la configuración de sus Servicios para administrar cierta información disponible para otros usuarios. Los usuarios con los que se comunica pueden almacenar o compartir su información (incluido su número de teléfono o mensajes) con otros dentro y fuera de nuestros Servicios.

6. Cookies y otras tecnologías de rastreo

Nuestros Servicios pueden usar cookies, balizas web y otras tecnologías de rastreo (colectivamente "Cookies") para recopilar automáticamente la información de los usuarios (incluida la información personal). Las Cookies son pequeños archivos de datos que se transfieren a los navegadores web de los usuarios y/o se almacenan en sus dispositivos mientras navegan. Podemos usar Cookies para mejorar nuestros Servicios y hacer que su experiencia de usuario en línea sea más personalizada y eficiente. Entre otros usos, las Cookies nos ayudan a reconocer a los usuarios recurrentes, facilitan el acceso y el uso de los Sitios web BR por parte de los usuarios, y rastrean el comportamiento de los usuarios en los sitios web que visitan. Podemos recopilar datos agregados con fines estadísticos para mejorar el contenido de nuestros sitios o para administrar mejor las páginas web disponibles en los sitios.

Las balizas web se utilizan para informarnos cómo y cuándo se visitan las páginas de nuestros sitios, por cuántas personas, su punto de origen y sistema operativo, y para monitorear el rendimiento de nuestros Servicios. Las balizas web no recopilan información personal.

La información recopilada con estas tecnologías puede incluir (a) su dirección de protocolo de Internet (IP), identificadores únicos de dispositivo, ubicación, tipo de navegador e información del proveedor de servicios de Internet; (b) información sobre cuándo y cómo accede y usa los Sitios web BR o los Servicios, como los dominios que visita, qué funciones usó y durante cuánto tiempo, el sitio web que lo remitió a nosotros y las marcas de fecha/hora asociadas con su uso; (c) información sobre el dispositivo que usa para acceder a los Sitios web BR o los Servicios, como el tipo de dispositivo, la identificación del dispositivo y la configuración del dispositivo/navegador; y (d) la ubicación del dispositivo utilizado para acceder a los Sitios web BR o los Servicios derivada del uso de GPS o WiFi.

Usamos y compartimos estos datos e información para ofrecer contenido y publicidad personalizados, para garantizar que vea la información correcta del producto, para administrar la frecuencia con la que ve un anuncio, para adaptar los anuncios para que coincidan mejor con sus intereses y para comprender la efectividad de nuestra publicidad. El contenido se puede entregar en los Sitios web BR, en sitios web ajenos a IDT, en la Aplicación BR, por nuestros representantes y por correo electrónico, SMS, notificaciones push u otros servicios de IDT. Además, si responde o interactúa con un anuncio en particular, es posible que luego reciba un anuncio dirigido como resultado de que un servidor de anuncios o una red publicitaria concluya que encaja dentro de una audiencia en particular a la que intentamos llegar.

Las Cookies pueden ser "Persistentes" o de "Sesión". Las Cookies persistentes permanecen en su computadora personal o dispositivo móvil cuando se desconecta, mientras que las Cookies de sesión se eliminan tan pronto como cierra su navegador web. Diferenciamos entre las Cookies que son esenciales para las funciones técnicas de nuestros sitios y las Cookies opcionales de análisis y publicidad, de la siguiente manera:

Cookies esenciales: Estas son cookies que los Sitios web BR necesitan para funcionar, y que le permiten moverse y usar los Sitios web BR y sus funciones. No necesita habilitar las cookies para visitar los Sitios web BR; sin embargo, algunos aspectos de los Sitios web BR pueden ser difíciles o imposibles de usar si las cookies están deshabilitadas. Los ejemplos de dónde se utilizan estas cookies incluyen: para determinar cuándo ha iniciado sesión, para determinar cuándo su cuenta ha estado inactiva y para otros fines de solución de problemas y seguridad.

Cookies analíticas: Estas cookies nos permiten comprender más sobre cuántos visitantes tenemos en los Sitios web BR, cuántas veces nos visitan y cuántas veces un usuario vio páginas específicas dentro de los Sitios web BR. Aunque las cookies analíticas nos permiten recopilar información específica sobre los sitios que visita y si ha visitado los Sitios web BR varias veces, no podemos usarlas para descubrir detalles como su nombre o dirección. Utilizamos ciertas funciones publicitarias de Google Analytics, que incluyen el remarketing y los informes demográficos y de intereses. Google Analytics es un servicio de análisis web proporcionado por Google que nos permite recopilar datos sobre el tráfico en los Sitios web BR a través de cookies de Google y otros identificadores, lo que nos permite, entre otras cosas, crear segmentos de usuarios basados en datos demográficos o de intereses y ofrecer publicidad relevante. Google utiliza los datos recopilados para rastrear y examinar el uso de nuestros sitios web y para preparar informes sobre las actividades y compartirlos con otros servicios de Google. Google puede utilizar los datos recopilados para contextualizar y personalizar los anuncios de su propia red publicitaria. Es posible que pueda optar por no participar en las funciones publicitarias de Google Analytics a través de la configuración de anuncios de su navegador o visitando la página de configuración de anuncios de Google. Para obtener más información sobre cómo Google recopila, usa y comparte su información, consulte "Cómo usa Google la información de sitios o aplicaciones que utilizan nuestros servicios", que se puede encontrar en www.google.com/policies/privacy/partners/, o cualquier otra URL que Google pueda proporcionar de vez en cuando.

Para obtener información sobre cómo puede administrar las Cookies, consulte la sección "Sus derechos y cómo limitar el intercambio de información" a continuación.

7. Sus derechos y cómo limitar el intercambio de información

Puede tener opciones sobre cómo usamos y compartimos su información y existen protecciones adicionales que pueden aplicarse con respecto a cierta información que recopilamos.

A. Información de red de propiedad exclusiva del cliente (CPNI). CPNI es la información que se pone a nuestra disposición únicamente en virtud de nuestra relación con usted y que se relaciona con el tipo, la cantidad, el destino, la configuración técnica, la ubicación y el uso de los servicios de telecomunicaciones y VoIP interconectados que nos compra, así como la información de facturación relacionada. Tiene derecho, y nosotros tenemos el deber, en virtud de la ley federal, de proteger la confidencialidad de su CPNI. Usamos y compartimos su CPNI dentro de la familia de empresas de IDT y con sus agentes, contratistas y socios para fines de marketing, incluido ofrecerle servicios que son diferentes a los servicios que nos compra actualmente. Si no desea que su CPNI se use para los fines de marketing descritos anteriormente, notifíquenos en línea a support@bossrevolution.com. A menos que nos notifique, podemos usar su CPNI como se describe anteriormente y su elección seguirá siendo válida hasta que nos notifique que desea cambiar su selección. Su decisión sobre el uso de su CPNI no afectará la prestación de ningún Servicio que tenga actualmente con nosotros. Nota: este aviso de CPNI puede no aplicarse a los residentes de ciertos estados, incluido Arizona.

B. Lista de no llamar. Las leyes federales de "No llamar" le permiten colocar sus números de teléfono en el Registro Nacional de No Llamar para evitar llamadas de telemarketing a esos números. Para agregar sus números a esta lista, llame al 1-888-382-1222 o visite www.donotcall.gov. La mayoría de las leyes de telemarketing permiten que las empresas se comuniquen con sus propios clientes sin consultar las listas de "No llamar" federales o estatales. Si desea ser eliminado de la lista de telemarketing de IDT, contáctenos en support@bossrevolution.com. Espere 30 días para que su número de teléfono se elimine de cualquier programa de ventas que esté en curso. Tenga en cuenta que es posible que aún lo llamemos con respecto a sus Servicios y cuenta, incluso si elimina su número de nuestra lista de telemarketing.

C. Comunicaciones. Si no desea recibir comunicaciones promocionales de IDT, puede darse de baja en cualquier momento siguiendo las instrucciones para darse de baja que se proporcionan en esas comunicaciones, o comunicándose con nosotros como se indica en la sección "Información de contacto" a continuación. Tenga en cuenta que IDT aún puede continuar enviándole correos electrónicos no promocionales, como los relacionados con sus pedidos, envíos de comentarios y otros asuntos relacionados con el servicio. Puede negarse a dar su consentimiento para recibir llamadas y mensajes de texto de IDT y sus empresas afiliadas que requieran su consentimiento, incluidas las llamadas de telemarketing marcadas automáticamente, pregrabadas o de voz artificial. También puede retirar su consentimiento previamente otorgado para recibir dichas llamadas y mensajes de texto. Su capacidad para administrar algunos de nuestros Servicios podría verse limitada si retira su consentimiento para recibir mensajes de texto y SMS. IDT no recomienda el uso de esos Servicios sin autorización para recibir dichos mensajes.

D. Correos electrónicos promocionales. Puede optar por proporcionarnos su dirección de correo electrónico con el fin de permitirnos enviarle boletines informativos gratuitos, encuestas, ofertas y otros materiales promocionales, así como ofertas dirigidas de terceros. Puede optar por no recibir correos electrónicos promocionales siguiendo las instrucciones para darse de baja en los correos electrónicos que reciba. Si decide no recibir correos electrónicos promocionales, es posible que aún le enviemos comunicaciones relacionadas con el servicio.

E. Correos promocionales. Si en algún momento no desea recibir ofertas y/o circulares de nuestra parte por correo postal, puede eliminarse de nuestras listas de correo enviándonos un correo electrónico (nuestra información de contacto se encuentra a continuación) con "NO SNAIL MAIL" en el asunto junto con su nombre, dirección y código postal. Tenga en cuenta que nuestros correos se preparan antes de ser enviados. Aunque eliminaremos su nombre de nuestra lista de correo después de recibir su solicitud, es posible que aún reciba correos nuestros que se hayan iniciado antes de que se eliminara su nombre.

F. Mensajes de texto promocionales. Puede optar por no recibir mensajes de texto de marketing en cualquier momento respondiendo "STOP" o siguiendo las instrucciones para darse de baja que se incluyen en los mensajes de texto que reciba.

G. Notificaciones push. Puede optar por no recibir notificaciones push nuestras a través de la Aplicación BR yendo a la "Configuración" de su dispositivo y haciendo clic en "Notificaciones", y luego cambiando esas configuraciones para la Aplicación BR. Tenga en cuenta que no puede retirar su consentimiento para recibir ciertos mensajes dentro de la Aplicación BR de IDT.

H. Cookies. Las aplicaciones de navegador web (como Microsoft Internet Explorer, Google Chrome, Firefox y Apple Safari) generalmente tienen funciones que impiden que se envíen cookies o le notifican cuando se envían. Deberá actualizar la configuración de cookies de su navegador de acuerdo con sus preferencia. Su capacidad para limitar las cookies está sujeta a la configuración y limitaciones de su navegador. Si usa varios navegadores en su dispositivo, deberá actualizar la configuración de cada navegador por separado. Algunos navegadores web incorporan una función "No rastrear" ("DNT") o similar que señala a los sitios web que un usuario no quiere que se rastree su actividad y comportamiento en línea. IDT no responde a las señales DNT u otros mecanismos similares. Si está usando un dispositivo móvil, puede restablecer la configuración de su dispositivo para limitar el uso de información recopilada sobre usted, incluidos sus datos de ubicación. Esto generalmente se hace desactivando su configuración/permisos de ubicación. Comuníquese con el Soporte de Apple o Google para Android (según corresponda) para obtener más información sobre cómo hacer esto en su dispositivo. Puede detener toda recopilación de información a través de nuestra aplicación móvil desinstalando la aplicación de su dispositivo.

I. Analíticas. Google ofrece a los usuarios opciones sobre cómo Google Analytics recopila sus datos mediante el desarrollo de un complemento de inhabilitación para navegadores que se puede encontrar en: http://tools.google.com/dlpage/gaoptout?hl=en. Al instalar este complemento, no se envía información a Google Analytics.

J. Otros derechos. En ciertas jurisdicciones, también puede tener uno o más de los siguientes derechos con respecto a su información personal (consulte la Sección 8 y los Anexos de esta Política para obtener todos los detalles):

(i) Derecho a solicitar acceso a su información personal: puede solicitar acceso a su información personal comunicándose con nosotros a la dirección que se describe a continuación o completando el formulario de solicitud estatal correspondiente en www.idt.net. Si lo exige la ley, previa solicitud, le otorgaremos un acceso razonable a la información personal que tenemos sobre usted;(ii) Derecho a solicitar la eliminación de su información personal: puede solicitar que eliminemos su información personal comunicándose con nosotros a la dirección que se describe a continuación o completando el formulario de solicitud estatal correspondiente en www.idt.net. Si lo exige la ley, concederemos una solicitud para eliminar información, pero debe tener en cuenta que en muchas situaciones debemos mantener su información personal para cumplir con nuestras obligaciones legales, resolver disputas, hacer cumplir nuestros acuerdos o para otro de nuestros propósitos comerciales;

(iii) Derecho a solicitar la corrección de su información personal: tiene derecho a solicitar que corrijamos o completemos cualquier información personal inexacta o incompleta que procesemos sobre usted;

(iv) Derecho a la portabilidad de datos: en ciertas circunstancias, tiene derecho a solicitar que proporcionemos la información personal que nos proporcionó en un formato estructurado, de uso común y legible por máquina; y/o

(v) Derecho de no discriminación/represalias: no discriminamos a las personas que ejercen cualquiera de sus derechos descritos en esta Política, ni tomamos represalias contra las personas que ejercen estos derechos.

Muchos de los derechos anteriores están sujetos a excepciones y limitaciones. Por ejemplo, puede estar ubicado en una jurisdicción que no le otorga el derecho a realizar estas solicitudes. En tal caso, es posible que no se cumpla su solicitud. En la medida en que lo permita la ley aplicable, podemos rechazar solicitudes que sean irrazonablemente repetitivas, excesivamente onerosas, pongan en riesgo la privacidad de otros o sean muy poco prácticas de cumplir. Si no podemos proporcionar la información solicitada o realizar el cambio que solicitó, se le proporcionarán los motivos de tales decisiones.

Para ejercer estos derechos, su solicitud debe: (i) proporcionar información suficiente que nos permita verificar razonablemente que usted es la persona sobre la cual recopilamos información personal o un representante autorizado de esa persona; y (ii) describir la solicitud con suficiente detalle que nos permita comprenderla, evaluarla y responder a ella adecuadamente. Es posible que necesitemos información adicional para confirmar su identidad o la identidad de su agente autorizado (como su nombre, dirección de correo electrónico y fecha de nacimiento) o para obtener pruebas de que le ha dado permiso a su agente autorizado para actuar en su nombre. Si nuestro proceso de verificación es exitoso, responderemos a su solicitud en el tiempo y de la manera requerida por la ley aplicable. Si no podemos validar su identidad y/o la de su agente autorizado u obtener pruebas de que le ha dado permiso a su agente autorizado para actuar en su nombre, intentaremos comunicarnos con usted para informarle.

Si designa a un agente autorizado para enviar solicitudes para ejercer ciertos derechos de privacidad en su nombre, requeriremos una verificación de que le proporcionó al agente autorizado permiso para realizar una solicitud en su nombre. Debe proporcionarnos una copia del permiso firmado que le ha dado al agente autorizado para enviar la solicitud en su nombre y verificar su propia identidad directamente con nosotros. Si es un agente autorizado que envía una solicitud en nombre de un individuo, debe adjuntar una copia de un Formulario de designación de agente autorizado completado (o formulario equivalente) que indique que tiene autorización para actuar en nombre del individuo.

8. Derechos de privacidad estatales adicionales

Si usted es residente de cualquiera de los siguientes estados, entonces los términos adicionales en el Anexo correspondiente a esta Política de privacidad también se aplican a usted:

California – consulte el Anexo A de esta Política de privacidad
Colorado – consulte el Anexo B de esta Política de privacidad
Connecticut – consulte el Anexo C de esta Política de privacidad
Delaware – consulte el Anexo D de esta Política de privacidad
Iowa – consulte el Anexo E de esta Política de privacidad
Maryland – consulte el Anexo F de esta Política de privacidad
Minnesota – consulte el Anexo G de esta Política de privacidad
Montana – consulte el Anexo H de esta Política de privacidad
Nebraska – consulte el Anexo I de esta Política de privacidad
New Hampshire – consulte el Anexo J de esta Política de privacidad
Nueva Jersey – consulte el Anexo K de esta Política de privacidad
Oregón – consulte el Anexo L de esta Política de privacidad
Tennessee – consulte el Anexo M de esta Política de privacidad
Texas – consulte el Anexo N de esta Política de privacidad
Utah – consulte el Anexo O de esta Política de privacidad
Virginia – consulte el Anexo P de esta Política de privacidad

9. Otra información

A. Mantener a los niños seguros. DT no comercializa ni recopila intencionalmente información de niños menores de 16 años sin obtener el consentimiento verificable de los padres. Si permite que un niño use su dispositivo o nuestros Servicios, debe tener en cuenta que su información podría recopilarse como se describe en esta Política. Alentamos a los padres a participar en las actividades en línea de sus hijos para garantizar que no se recopile información de un niño sin el permiso de los padres.

B. Seguridad. IDT cuenta con salvaguardas técnicas, organizativas y físicas para ayudar a proteger contra el acceso no autorizado, el uso o la divulgación de la información que recopilamos y almacenamos. Los empleados están capacitados sobre la importancia de proteger la privacidad y sobre el acceso, uso y divulgación adecuados de la información del cliente. IDT asegura la información en servidores de computadora en un entorno controlado y seguro, protegido del acceso, uso o divulgación no autorizados. Utilizamos protección cifrada Secure Socket Layer (SSL) para proteger la información personal transmitida a los Sitios web BR. Los Sitios web BR y la Aplicación BR cumplen con las normas PCI en relación con la información de su tarjeta de crédito. Aunque nos esforzamos por proteger la información que recopilamos y almacenamos, ningún programa es 100% seguro y no podemos garantizar que nuestras salvaguardas evitarán todos los intentos no autorizados de acceder, usar o divulgar esa información. Al usar los Servicios, usted acepta ese riesgo. IDT mantiene planes de seguridad y de respuesta a incidentes para manejar incidentes que involucren acceso no autorizado a la información personal que recopilamos o almacenamos. En el caso de que la ley nos exija informarle sobre una violación de su información personal, podemos notificarle electrónicamente, por escrito o por teléfono, si la ley lo permite. Si tiene conocimiento de un problema de seguridad, comuníquese con nosotros.

C. Información de contacto. Si tiene preguntas, inquietudes o sugerencias relacionadas con nuestra Política o nuestras prácticas de privacidad, puede comunicarse con nosotros en:

IDT Domestic Telecom, Inc.
Boss Revolution Product Team
520 Broad Street, 4th floor
Newark, NJ 07102
Teléfono: 973-438-1000
Correo electrónico: support@bossrevolution.com

D. Redes sociales. Algunos de nuestros Servicios pueden permitirle participar en discusiones de blogs, tableros de mensajes, salas de chat y otras formas de redes sociales y publicar reseñas. Tenga en cuenta que estos foros son accesibles para otros. Le instamos a que no envíe ninguna información personal a estos foros porque cualquier persona que acceda al foro puede leer, recopilar, compartir o usar de otra manera cualquier información que publique. IDT no es responsable de la información que elija enviar a estos foros. Si publica contenido en foros de intercambio de información, lo hace por elección y está dando su consentimiento para la divulgación de esta información.

E. Cambios a esta Política. Nos reservamos el derecho de realizar cambios a esta Política, por lo que le pedimos que la revise periódicamente para conocer los cambios. Podrá ver que se han realizado cambios verificando la fecha de entrada en vigencia publicada al comienzo de la Política.

Exhibit A

California Consumers

If you are a resident of California, then the following section also applies to you.

A. Personal Information. Personal information includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information, including information lawfully made available to the general public by the consumer or from widely distributed media, and deidentified or aggregate consumer information. IDT may collect and use the following categories of personal information regarding California residents:

Categories of Personal Information Collected	Specific Personal Information Collected within Category	Categories of Sources of Personal Information	Is this info Sold, Shared(1) and/or Disclosed for a Business Purpose and Categories of to Whom	Business or Commercial Purposes for Collection and Use of Personal Information
Personal Identifiers and Information, including items listed in subdivision (e) of Section 1798.80 of California Civil Code	name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	consumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, 3rd party vendors that provide IDT with transactional services, data resellers	Sold – no Shared – no Disclosed for a Business Purpose – yes Categories of third parties to whom IDT discloses personal information for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., credit card processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services To maintain and service your account, including to process orders and payments To communicate with you about our terms and policies To verify you, your account activity and your information To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer service To perform due diligence, credit and fraud prevention checks To maintain accurate record keeping To ensure security and integrity of our customers’ personal information To perform product, marketing and organizational analysis To provide advertising and marketing to our customers To measure our marketing campaigns and to audit consumer interactions To comply with regulations and legal requirements To comply with contractual requirements For risk management and compliance For legal advice and defense of claims For general, operational and administrative purposes
Commercial information	records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	consumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, 3rd party vendors that provide IDT with transactional services, data resellers	Sold – no Shared – no Disclosed for a Business Purpose – yes Categories of third parties to whom IDT discloses personal information for a business purpose: see list under Personal Identifiers and Information
Internet or other electronic network activity information	browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	consumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, 3rd party vendors that provide IDT with transactional services, data resellers	Sold – no Shared – no Disclosed for a Business Purpose – yes Categories of third parties to whom IDT discloses personal information for a business purpose: see list under Personal Identifiers and Information
Geolocation data (if you enable location features in BR App)	location of device	consumer, consumer’s device, automatic collection by IDT	Sold – no Shared – no Disclosed for a Business Purpose – yes Categories of third parties to whom IDT discloses personal information for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	profile reflecting the consumer’s marketing preferences; aggregate information from third parties	consumer, consumer’s device, automatic collection by IDT, credit reporting companies, financial companies, 3rd party vendors that provide IDT with transactional services, data resellers	Sold – no Shared – no Disclosed for a Business Purpose – yes Categories of third parties to whom IDT discloses personal information for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., credit card processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

(1) Share and Shared mean sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

B. Sensitive Personal Information. IDT may collect limited sensitive personal information and limits the use of that information to those uses which are necessary for us to perform the services and provide the goods consumers have requested and for other uses as authorized by applicable California privacy laws and regulations. IDT may collect the following sensitive personal information:

Categories of Sensitive Personal Information Collected

Is this info Sold or Shared(1)

Business or Commercial Purposes for Collection and Use of Sensitive Personal Information

(A) account log-in, financial account, debit card or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;

(B) precise geolocation (if you enable location features in BR App)

Sold – no

Shared – no

To perform the services and provide the goods requested by the consumer, including to help us operate, provide, customize, bill and support our products and services

To ensure the security and integrity of our customers’ personal information, including to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information

For short‐term, transient use, including but not limited to non‐personalized advertising shown as part of a consumer’s current interaction with IDT

To perform services on our behalf, including to maintain or service accounts, provide customer service, process or fulfill orders and transactions, verify customer information, process payments, provide financing, provide analytic services, provide storage, or provide similar services on behalf of our business

To maintain the quality and safety of our products and services, including to improve, upgrade, and enhance our products and services

To resist malicious, deceptive, fraudulent, or illegal actions directed at our business and to prosecute those responsible for those actions

To ensure the physical safety of natural persons

C. Your Rights. As a California resident you have certain additional rights regarding your personal information under the California Consumer Privacy Act of 2018 and (starting on January 1, 2023) the California Privacy Rights Act of 2020 (collectively, the “CCPA”).

(I) Right to Know and Access Personal Information Collected – you have the right to request the following from IDT: categories of personal information collected; categories of sources of personal information; business or commercial purpose for collecting, selling or sharing your personal information; categories of third parties with whom we disclose your personal information; and the specific pieces of personal information that we have collected about you.

(II) Right to Know Personal Information Sold, Shared or Disclosed – you have the right to request the following from IDT: categories of personal information collected; categories of personal information sold or shared by IDT; categories of third parties to whom IDT has sold or shared your personal information; categories of personal information IDT has disclosed for a business purpose; and categories of persons to whom IDT has disclosed your personal information for a business purpose.

(III) Right of No Retaliation - IDT does not discriminate against any California consumer who exercises any of the consumer’s rights under the CCPA. Pursuant to the CCPA IDT is permitted to (a) charge a consumer a different price or rate and/or provide a different level of service to the consumer if that difference is reasonably related to the value provided to the consumer by the consumer’s data, (b) offer loyalty, rewards, premium features, discounts, or club card programs to its customers, and (c) offer financial incentives, including payments, as compensation for the collection, sale, sharing or retention of personal information.

(IV) Right to Delete – you have the right to request that IDT delete any personal information that it has collected about you. There are exceptions to this right and IDT does not have to delete your personal information if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided in the CCPA. In addition, if your personal information is deleted you may not be able to purchase or use our products and services.

(V) Right to Correct Inaccurate Personal Information – you have the right to request that IDT correct any inaccurate personal information that it maintains about you.

(VI)Right to Opt Out of Sale or Sharing of Personal Information – IDT does not sell (as defined in the CCPA) or share (as defined in the CCPA) your personal information. Nonetheless, you have the right to request that IDT not sell or share your personal information should IDT decide in the future to sell or share personal information to third parties. To exercise this right please go to https://www.idt.net/ccpa-do-not-sell and complete the form. We will also process any opt-out of sale/sharing preference signal that meets the requirements set forth in the CCPA and its regulations. IDT does not intentionally collect the personal information of a consumer under the age of 16. IDT does not intentionally sell or share the personal information of a consumer under the age of 16 unless the consumer (if age 13-16) or the consumer’s parent (for consumers under 13) affirmatively authorizes the sale or sharing.

(VII) Right to Limit Use and Disclosure of Sensitive Personal Information – IDT does not use your sensitive personal information (as defined in the CCPA) for purposes other than as set forth in the CCPA. Nonetheless, you have the right to direct IDT to limit its use of your sensitive personal informationto that use which is necessary for IDT to perform the services and provide the goods you requested from IDT, to ensure the security and integrity of your personal information, to perform services on our behalf, including to maintain or service accounts, provide customer service, process or fulfill orders and transactions, verify customer information, process payments, provide analytic services, to maintain the quality of our products and services, and as otherwise provided in the CCPA. Please note that sensitive personal information that is collected or processed by IDT without the purpose of inferring characteristics about a consumer, is not subject to this section, and shall be treated as personal information. To exercise this right please go to https://www.idt.net/ccpa-do-not-sell and complete the form.

D. How to Exercise Your Rights. To exercise your rights to know and access your personal information collected, sold, shared or disclosed by IDT, or to exercise your right to delete your personal information or to correct inaccurate personal information, please go to https://www.idt.net/ccpa-request and complete the form. To exercise your right to opt out of the sale or sharing of your personal information, or to exercise your right to limit the use and disclosure of your sensitive personal information please go to https://www.idt.net/ccpa-do-not-sell and complete the form. We will also process any opt-out of sale/sharing preference signal that meets the requirements set forth in the CCPA and its regulations. In addition, you can exercise your rights by calling the following toll-free number: 888-412-0477. Your authorized agent can make these requests on your behalf using the same links and methods.

E. Verification of Consumer Requests. In order to comply with a consumer request, IDT must reasonably verify the requestor. A record of each request is made as soon as it is received by our data protection team. IDT will use all reasonable measures to verify the identity of the individual making the request. We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request. This is to protect your data and rights. If a third party, relative or representative is requesting the data on your behalf, we will verify their authority to act for you and may contact you and them to confirm you and their identity and gain your authorization prior to responding to the request.

F. Responding to Consumer Requests. IDT will attempt to confirm receipt of each request by contacting the requestor either at the email or telephone number submitted, through the consumer’s account or by other electronic means. IDT will attempt to verify each request and if it is able to verify a request will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days. If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay. IDT may charge a fee or refuse to act on any request that is manifestly unfounded or excessive. All IDT responses shall be in writing and cover the previous 12 month period unless the consumer requests information beyond the 12 month period (only applies to personal information collected on or after January 1, 2022). Where possible the response shall be sent through the consumer’s account. Otherwise, the response shall be sent by mail or electronically. IDT is not obligated to provide a response to a consumer more than two times in any 12 month period. The CCPA contains certain exemptions and exceptions to the exercise of some of these rights. If one or more of those exemptions or exceptions applies to your request, then we may not be able to act upon your request. Where possible we will inform you of the reasons for not acting upon your request.

G. How Long will IDT Retain Your Personal Information. IDT retains your personal information for only as long as is necessary to carry out the purposes described above in this privacy policy, and we have strict review and retention policies in place to meet these obligations. This time period may vary depending on the type of information and the services used, as detailed below, and applicable law, which may require us to maintain information for a set amount of time. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from anonymized information retained or used for these purposes.

(I) Customer account information - we store your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate your service. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services. We are required under certain applicable tax laws to keep your basic personal information (name, address, contact details) for a minimum of six years after which time it will be destroyed unless required to be kept for other purposes.

(II) Communications usage information - while you are an active customer, we retain the communications usage information generated by your use of our services until the information is no longer necessary to provide our services, and for a reasonable time thereafter as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services.

(III) Marketing information, cookies and web beacons - where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

(IV) Device information - we collect device-specific information from you. If you do not revoke our access to this information via the privacy settings on your device, we will retain this information for as long as your account is active.

H. For More Info. For more information on your rights and our obligations under the CCPA please send an email to ccpa-idt@idt.net. For California residents with a disability please send an email to ccpa-idt@idt.net for information on how to access this policy in another format.

Exhibit B

Colorado Consumers

If you are a resident of Colorado, then the following section also applies to you.

A. Personal Data. Personal data includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Colorado residents:

Categories of Personal Data Collected or Processed	Specific Personal Data Collected within Category	Is this data Sold, Shared with Third Parties, Processed for Targeted Advertising or Processed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Processed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects - no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services To maintain and service your account, including to process orders and payments To communicate with you about our terms and policies To verify you, your account activity and your information To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer service To perform due diligence, credit and fraud prevention checks To maintain accurate record keeping To ensure security and integrity of our customers’ personal information To perform product, marketing and organizational analysis To provide advertising and marketing to our customers To measure our marketing campaigns and to audit consumer interactions To comply with regulations and legal requirements To comply with contractual requirements For risk management and compliance For legal advice and defense of claims For general, operational and administrative purposes
Commercial Information	records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Processed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects - no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Processed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects - no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	location of device	Sold – no Processed for Targeted Advertising – no Processed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects - no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	profile reflecting the consumer’s marketing preferences; aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Processed for Profiling in furtherance of Decisions that Produce Legal or Significant Effects - no Shared with Third Parties - yes Categories of third parties to whom IDT discloses personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Your Rights. As a Colorado resident you have certain additional rights regarding your personal data under the Colorado Privacy Act (the “COPA”):

(I) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(II) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(III) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Colorado law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(IV) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable format;

(V) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the COPA) your personal data, process your personal data for Targeted Advertising (as defined in the COPA) or process your personal data for Profiling (as defined in the COPA) for decisions that produce legal or similarly significant effects. Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/copa-request and complete the form.

C. How to Exercise Your Rights. To exercise any of your rights, please (i) go to https://www.idt.net/copa-request and complete the form, or (ii) send an email to copa@idt.net detailing your request(s). The COPA applies to individuals who are Colorado residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same methods listed in this section.

D. Authentication of Consumer Requests. In order to comply with a consumer request, IDT must reasonably authenticate the request. A record of each request is made as soon as it is received by our data protection team. IDT will use all reasonable measures to authenticate the identity of the individual making the request. We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request. This is to protect your data and rights. If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

E. Responding to Consumer Requests. IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days. If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay. All IDT responses shall be in writing. The response shall be sent by mail or electronically. If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

F. Appeal of Refusal to Take Action. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to copa@idt.netand requesting an appeal. Within 45 days of IDT’s receipt of your appeal, we will inform you of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Colorado Attorney General at https://coag.gov/ or 720-508-6000.

Exhibit C

Connecticut Consumers

If you are a resident of Connecticut, then the following section also applies to you.

Categories of Personal Data Collected or Processed	Specific Personal Data Collected within Category	Is this data Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services To maintain and service your account, including to process orders and payments To communicate with you about our terms and policies To verify you, your account activity and your information To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts To provide customer service To perform due diligence, credit and fraud prevention checks To maintain accurate record keeping To ensure security and integrity of our customers’ personal information To perform product, marketing and organizational analysis To provide advertising and marketing to our customers To measure our marketing campaigns and to audit consumer interactions To comply with regulations and legal requirements To comply with contractual requirements For risk management and compliance For legal advice and defense of claims For general, operational and administrative purposes
Commercial Information	records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	location of device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of third parties to whom IDT shares personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	profile reflecting the consumer’s marketing preferences; aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of third parties to whom IDT discloses personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the CTPA) that IDT may collect and process is precise geolocation data (as defined in the CTPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature.

C. Your Rights. As a Connecticut resident you have certain additional rights regarding your personal data under the Connecticut Privacy Act (the “CTPA”):

(II) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(III) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Connecticut law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(IV) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable format;

(V) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the CTPA) your personal data, process your personal data for Targeted Advertising (as defined in the CTPA) or process your personal data for Profiling (as defined in the CTPA) for decisions that produce legal or similarly significant effects. Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/ctpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/ctpa-request and complete the form. The CTPA applies to individuals who are Connecticut residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

E. Authentication of Consumer Requests. In order to comply with a consumer request, IDT must reasonably authenticate the request. A record of each request is made as soon as it is received by our data protection team. IDT will use all reasonable measures to authenticate the identity of the individual making the request. We will utilize the requested data to ensure that we can verify the requestor’s identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to responding to your request. This is to protect your data and rights. If a third party, agent or representative is submitting an opt-out request on your behalf, we will verify their authority to act for you and may contact you and them to confirm your and their identity and to gain your authorization prior to taking action upon the request.

F. Responding to Consumer Requests. IDT will attempt to authenticate each request and if it is able to authenticate a request it will provide a response (if necessary and applicable) within 45 days of the receipt of the request, which time period may be extended by IDT for an additional 45 days. If a delay is necessary, IDT will contact the requestor within the original 45 day period and provide the reasons for the delay. All IDT responses shall be in writing. The response shall be sent by mail or electronically. If IDT is not able to process your request, we will inform you of that and (where possible) of the reasons for not acting upon your request.

G. Appeal of Refusal to Take Action. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to ctpa@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Connecticut Attorney General by email at Attorney.General@ct.gov or by phone at 860-808-5318.

Exhibit D

Delaware Consumers

If you are a resident of Delaware, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Delaware Personal Data Privacy Act (the “DEPDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Delaware residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the DEPDPA) that IDT may collect and process is precise geolocation data (as defined in the DEPDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Delaware resident you have certain additional rights regarding your personal data under the DEPDPA:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Delaware law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable, and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance;

(v) Right to Obtain a List of the Categories of Third Parties to which the Controller has disclosed the Consumer’s Personal Data – you have the right to request that IDT provide you with a list of the categories of third parties to whom IDT has disclosed your personal data; and

(vi) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the DEPDPA) your personal data, process your personal data for Targeted Advertising (as defined in the DEPDPA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the DEPDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/depa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/depa-request and complete the form. The DEPDPA applies to individuals who are Delaware residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to idtprivacy@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Delaware Department of Justice at https://attorneygeneral.delaware.gov/fraud/cmu/complaint/ to submit a complaint.

H. How to Contact IDT. You can contact IDT by sending an email to idtprivacy@idt.net.

Exhibit E

Iowa Consumers

If you are a resident of Iowa, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Iowa Consumer Data Protection Act (the “IACPDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Iowa residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the IACDPA) that IDT may collect and process is precise geolocation data (as defined in the IACDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As an Iowa resident you have certain additional rights regarding your personal data under the IACDPA:

(ii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Iowa law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iii) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable, and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(iv) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising or Sale – IDT does not sell (as defined in the IACDPA) your personal data, or process your personal data for Targeted Advertising (as defined in the IACDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/iapa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/iapa-request and complete the form. The IACDPA applies to individuals who are Iowa residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to idtprivacy@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Iowa Attorney General at https://www.iowaattorneygeneral.gov/for-consumers/file-a-consumer-complaint to submit a complaint.

Exhibit F

Maryland Consumers

If you are a resident of Maryland, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Maryland Online Data Privacy Act (the “MDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Maryland residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the MDPA) that IDT may collect and process is precise geolocation data (as defined in the MDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Maryland resident you have certain additional rights regarding your personal data under the MDPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Maryland law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(v) Right to Obtain a List of Categories of Third Parties to which IDT has disclosed your Personal Data – you have the right to request that IDT provide you with a list of the categories of Third Parties (as defined in the MDPA) to whom IDT has disclosed your personal data; and

(vi) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the MDPA) your personal data, process your personal data for Targeted Advertising (as defined in the MDPA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the MDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/mdpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/mdpa-request and complete the form. The MDPA applies to individuals who are Maryland residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to idtprivacy@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact Maryland Attorney General at https://oag.maryland.gov/i-need-to/Pages/business-complaints.aspx to submit a complaint.

H. How to Contact IDT. You can contact IDT by sending an email to idtprivacy@idt.net.

Exhibit G

Minnesota Consumers

If you are a resident of Minnesota, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Minnesota Consumer Data Privacy Act (the “MNCDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Minnesota residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the MNCDPA) that IDT may collect and process is specific geolocation data (as defined in the MNCDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Minnesota resident you have certain additional rights regarding your personal data under the MNCDPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Minnesota law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(v) Right to Obtain a List of Specific Third Parties to which IDT has disclosed your Personal Data – you have the right to request that IDT provide you with a specific list of Third Parties (as defined in the MNCDPA) to whom IDT has disclosed your personal data; and

(vi) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the MNCDPA) your personal data, process your personal data for Targeted Advertising (as defined in the MNCDPA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the MNCDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/mnpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/mnpa-request and complete the form. The MNCDPA applies to individuals who are Minnesota residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to idtprivacy@idt.net and requesting an appeal. Within 45 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Minnesota Attorney General at https://www.ag.state.mn.us/office/complaint.asp to submit a complaint.

H. How Long will IDT Retain Your Personal Information. IDT retains your personal data for only as long as is necessary to carry out the purposes described above in this privacy policy, and we have strict review and retention policies in place to meet these obligations. This time period may vary depending on the type of information and the services used, as detailed below, and applicable law, which may require us to maintain information for a set amount of time. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from anonymized information retained or used for these purposes.

(i) Customer account information - we store your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate your service. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services. We are required under certain applicable tax laws to keep your basic personal information (name, address, contact details) for a minimum of six years after which time it will be destroyed unless required to be kept for other purposes.

(ii) Communications usage information - while you are an active customer, we retain the communications usage information generated by your use of our services until the information is no longer necessary to provide our services, and for a reasonable time thereafter as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services.

(iii) Marketing information, cookies and web beacons - where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

(iv) Device information - we collect device-specific information from you. If you do not revoke our access to this information via the privacy settings on your device, we will retain this information for as long as your account is active.

I. How to Contact IDT. You can contact IDT by sending an email to idtprivacy@idt.net.

Exhibit H

Montana Consumers

If you are a resident of Montana, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Montana Consumer Data Privacy Act (the “MCDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Montana residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the MCDPA) that IDT may collect and process is precise geolocation data (as defined in the MCDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Montana resident you have certain additional rights regarding your personal data under the MCDPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Montana law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the MCDPA) your personal data, process your personal data for Targeted Advertising (as defined in the MCDPA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the MCDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/mtpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/mtpa-request and complete the form. The MCDPA applies to individuals who are Montana residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to mtpa@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Montana Attorney General at https://dojmt.gov/consumer/consumer-complaints/.

Exhibit I

Nebraska Consumers

If you are a resident of Nebraska, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Nebraska Data Privacy Act (the “NEDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Nebraska residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the NEDPA) that IDT may collect and process is precise geolocation data (as defined in the NEDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Nebraska resident you have certain additional rights regarding your personal data under the NEDPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Nebraska law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the NEDPA) your personal data, process your personal data for Targeted Advertising (as defined in the NEDPA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the NEDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/nepa-request and complete the form.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to idtprivacy@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Nebraska Attorney General’s Office at https://www.nebraska.gov/apps-ago-complaints/?preSelect=CP_COMPLAINT to submit a complaint.

H. How to Contact IDT. You can contact IDT by sending an email to idtprivacy@idt.net.

Exhibit J

New Hampshire Consumers

If you are a resident of New Hampshire, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the New Hampshire Data Privacy Act (the “NHDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding New Hampshire residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the NHDPA) that IDT may collect and process is precise geolocation data (as defined in the NHDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a New Hampshire resident you have certain additional rights regarding your personal data under the NHDPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by New Hampshire law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the NHDPA) your personal data, process your personal data for Targeted Advertising (as defined in the NHDPA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the NHDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/nhpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/nhpa-request and complete the form. The NHDPA applies to individuals who are New Hampshire residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to idtprivacy@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the New Hampshire Attorney General’s Office at https://www.doj.nh.gov/citizens/consumer-protection-antitrust-bureau/consumer-complaints to submit a complaint.

H. How to Contact IDT. You can contact IDT by sending an email to idtprivacy@idt.net.

Exhibit K

New Jersey Consumers

If you are a resident of New Jersey, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the New Jersey Data Privacy Act (the “NJDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding New Jersey residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the NJDPA) that IDT may collect and process is precise geolocation data (as defined in the NJDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a New Jersey resident you have certain additional rights regarding your personal data under the NJDPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by New Jersey law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you in a portable and, to the extent technically feasible, a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling in Furtherance of Decisions that Produce Legal Effects – IDT does not sell (as defined in the NJDPA) your personal data, process your personal data for Targeted Advertising (as defined in the NJDPA) or process your personal data for profiling in furtherance of decisions that produce legal or similarly significant effects (as defined in the NJDPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/njpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/njpa-request and complete the form. The NJDPA applies to individuals who are New Jersey residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to njpa@idt.net and requesting an appeal. Within 45 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the New Jersey Division of Consumer Affairs in the Department of Law and Public Safety at https://www.njconsumeraffairs.gov/Pages/Consumer-Complaints.aspx.

H. How to Contact IDT. You can contact IDT by sending an email to idtprivacy@idt.net.

Exhibit L

Oregon Consumers

If you are a resident of Oregon, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Oregon Privacy Act (the “ORPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Oregon residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the ORPA) that IDT may collect and process is precise geolocation data (as defined in the ORPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As an Oregon resident you have certain additional rights regarding your personal data under the ORPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Oregon law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the ORPA) your personal data, process your personal data for Targeted Advertising (as defined in the ORPA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the ORPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/orpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/orpa-request and complete the form. The ORPA applies to individuals who are Oregon residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to orpa@idt.net and requesting an appeal. Within 45 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Oregon Attorney General by email at AttorneyGeneral@doj.state.or.us or by phone at 877-877-9392.

Exhibit M

Tennessee Consumers

If you are a resident of Tennessee, then the following section also applies to you.

A. Personal Information. Personal information (as defined in the Tennessee Information Protection Act (the “TNPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal information does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal information regarding Tennessee residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the TNPA) that IDT may collect and process is precise geolocation data (as defined in the TNPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Tennessee resident you have certain additional rights regarding your personal information under the TNPA:

(i) Right to Confirm if a Controller is Processing Your Personal Information and to Access Personal Information – you have the right to request that IDT confirm whether or not it has collected and processed personal information about you and to access the personal information that we have collected about you;

(ii) Right to Correct Inaccurate Personal Information – you have the right to request that IDT correct any inaccurate personal information that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal information that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal information if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Tennessee law. In addition, if your personal information is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Information in Portable Format – you have the right to obtain from IDT a copy of the personal information that we maintain about you in a portable, and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(v) Right to Opt-Out of the Processing of Personal Information for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the TNPA) your personal information, process your personal information for Targeted Advertising (as defined in the TNPA) or process your personal information for profiling for decisions that produce legal or similarly significant effects (as defined in the TNPA). Nonetheless, you have the right to request that IDT not process your personal information for those purposes should IDT decide in the future to process your personal information for those purposes. To exercise this right please go to https://www.idt.net/tnpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/tnpa-request and complete the form. The TNPA applies to individuals who are Tennessee residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to idtprivacy@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact Tennessee Attorney General at https://www.tn.gov/attorneygeneral/working-for-tennessee/file-a-consumer-complaint.html to submit a complaint.

H. How to Contact IDT. You can contact IDT by sending an email to idtprivacy@idt.net.

Exhibit N

Texas Consumers

If you are a resident of Texas, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Texas Data Privacy and Security Act (the “TDPSA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Texas residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the TDPSA) that IDT may collect and process is precise geolocation data (as defined in the TDPSA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Texas resident you have certain additional rights regarding your personal data under the TDPSA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Texas law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iv) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that we maintain about you (if available in a digital format) in a portable and to the extent technically feasible a readily usable, format that allows you to transmit the data to another entity without hinderance; and

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the TDPSA) your personal data, process your personal data for Targeted Advertising (as defined in the TDPSA) or process your personal data for profiling for decisions that produce legal or similarly significant effects (as defined in the TDPSA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/txpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/txpa-request and complete the form. The TDPSA applies to individuals who are Texas residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to txpa@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Texas Attorney General at https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.

Exhibit O

Utah Consumers

If you are a resident of Utah, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Utah Privacy Act (the “UTPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data, aggregated data or publicly available information. IDT may collect and process the following categories of personal data regarding Utah residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the UTPA) that IDT may collect and process is specific geolocation data (as defined in the UTPA) from the BR App, primarily for transaction compliance reasons, if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Utah resident you have certain additional rights regarding your personal data under the UTPA:

(i) Right to Confirm if a Controller is Processing Your Personal Data and to Access Your Personal Data – you have the right to request that IDT confirm whether or not it has collected and processed personal data about you and to access the personal data that we have collected about you;

(ii) Right to Delete – you have the right to request that IDT delete any personal data that you provided to it. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Utah law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(iii) Right to Obtain Copy of Personal Data in Portable Format – you have the right to obtain from IDT a copy of the personal data that you previously provided to us in a portable and readily usable format to the extent technically feasible and practicable that allows you to transmit the data to another entity without impediment; and

(iv) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising and/or Sale – IDT does not sell (as defined in the UTPA) your personal data or process your personal data for Targeted Advertising (as defined in the UTPA). Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/utpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/utpa-request and complete the form. The UTPA applies to individuals who are Utah residents, but does not apply to individuals acting in a commercial context. An authorized agent may submit an opt-out request on your behalf using the same method listed in this section.

Exhibit P

Virginia Consumers

If you are a resident of Virginia, then the following section also applies to you.

A. Personal Data. Personal data (as defined in the Virginia Consumer Data Protection Act (the “VCDPA”)) includes any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal data does not include de-identified data or publicly available information. IDT may collect and process the following categories of personal data regarding Virginia residents:

	Categories of Personal Data Collected or Processed	Whether Sold, Shared with Third Parties, or Processed for Targeted Advertising and Categories of to Whom	Purposes for Collection and Processing of Personal Data
Personal Identifiers and Information	Personal Identifiers and Information, which may include name, address, email address, phone number, birthdate, device and marketing identifiers, IP address, payment and financial information, credit/debit card number and details, bank account number and information, personal information necessary to verify you or your account, security code and login credentials, and other personal information you provide	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our service providers and vendors to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; law enforcement; prospective purchasers of our business; outside auditors and lawyers; and government entities, agencies and regulators	To manage our products and services, including to help us operate, provide, evaluate, improve, monitor, customize, bill and support our products and services. To maintain the quality of our products and services, including to improve, upgrade, and enhance our products and services. To maintain and service your account, including to process orders and payments. To communicate with you about our terms and policies. To verify you, your account activity and your information. To detect, investigate and report fraud, abuse or illegal use of our products and services or customer accounts. To provide customer service. To perform due diligence, credit and fraud prevention checks. To maintain accurate record keeping. To ensure security and integrity of our customers’ personal information. To perform product, marketing and organizational analysis. To provide advertising and marketing to our customers. To measure our marketing campaigns and to audit consumer interactions. To comply with regulations and legal requirements. To comply with contractual requirements. For risk management and compliance. For legal advice and defense of claims. For general, operational and administrative purposes.
Commercial Information	Commercial Information, which may include records of products or services purchased and used, diagnostic and service performance information, call records and other traffic data, credit information from reporting agencies, transactional information, and other purchasing or consuming histories	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Internet or other Electronic Network Activity Information	Internet or other Electronic Network Activity Information, which may include browsing history, search history, messages, personal, phone or social network contact information, device information, device contacts, and information regarding a consumer’s interaction and usage with our websites, apps and advertisements	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Geolocation Data (if you enable location features in BR App)	Geolocation Data (if you enable location features in BR App), which may include the location of your device	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: see list under Personal Identifiers and Information
Inferences drawn from any of the information above	Inferences drawn from any of the information above, which may include profile reflecting the consumer’s marketing preferences, and aggregate information from third parties	Sold – no Processed for Targeted Advertising – no Shared with Third Parties - yes Categories of Third Parties to whom IDT may share personal data for a business purpose: IDT family of companies, including our affiliates both in and outside the United States; our vendors and partners to the extent reasonably necessary for them to perform work on our and your behalf (e.g., payment processors); ad networks; data analytics providers; social networks; and prospective purchasers of our business

B. Sensitive Data. The only sensitive data (as defined in the VCDPA) that IDT may collect and process is precise geolocation data (as defined in the VCDPA) from the BR App primarily for transaction compliance reasons if the user enables the app’s location feature. Users of the BR App can enable or disable the app’s location feature in the app. By enabling the location feature, you thereby consent to IDT collecting and processing your precise geolocation data for the purposes identified herein and as outlined in the chart above.

C. Your Rights. As a Virginia resident you have certain additional rights regarding your personal data under the VCDPA:

(ii) Right to Correct Inaccurate Personal Data – you have the right to request that IDT correct any inaccurate personal data that we maintain about you;

(iii) Right to Delete – you have the right to request that IDT delete any personal data that it has collected about you. There may be exceptions to this right and IDT does not have to delete your personal data if it is reasonably necessary to complete a transaction with you, to provide you with goods or services you requested, to comply with our legal obligations, and as otherwise provided by Virginia law. In addition, if your personal data is deleted you may not be able to purchase or use our products and services;

(v) Right to Opt-Out of the Processing of Personal Data for purposes of Targeted Advertising, Sale, or Profiling with Legal Effects – IDT does not sell (as defined in the VCDPA) your personal data, process your personal data for Targeted Advertising (as defined in the VCDPA) or process your personal data for Profiling (as defined in the VCDPA) for decisions that produce legal or similarly significant effects. Nonetheless, you have the right to request that IDT not process your personal data for those purposes should IDT decide in the future to process your personal data for those purposes. To exercise this right please go to https://www.idt.net/vcdpa-request and complete the form.

D. How to Exercise Your Rights. To exercise any of your rights, please go to https://www.idt.net/vcdpa-request and complete the form. The VCDPA applies to individuals who are Virginia residents, but does not apply to individuals acting in a commercial context.

G. Appeal of Refusal to Take Action. If IDT refuses to take action on your request you have the right to appeal that refusal within 30 days of your receipt of IDT’s response by sending an email to vcdpa@idt.net and requesting an appeal. Within 60 days of IDT’s receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including the reasons for our decision. If your appeal is denied, then you may contact the Virginia Attorney General at (804)786-2071 to submit a complaint.

IDT Domestic Telecom, Inc. Política de privacidad de BOSS Revolution

IDT Domestic Telecom, Inc.
Política de privacidad de BOSS Revolution